Who is knocking at the door for me?


Warning: count(): Parameter must be an array or an object that implements Countable in /home/styllloz/public_html/qa-theme/donut-theme/qa-donut-layer.php on line 274
0 like 0 dislike
82 views
On the home computer installed FTP server Gene6 FTP Server 3.10. For personal needs: it is convenient to share files with loved ones, not killing time on placing them on file-hosting sites, and just giving a direct link. Or when you want to take a large file, perhaps in a few see that.
Domain not even tied to it, access my external IP.

Somewhere two weeks ago started to receive incoming connections from strange IP every five minutes. Here's a piece from the logs:
image
(Ban I put only symbolic, access to FTP is still the logins and passwords. About my IP not be surprised, my router is).

Information about the IP could not be obtained:
image

This address is not routable.

Question to experts: what could it be?
Don't be afraid to poke my nose in some basic facts.
by | 82 views

7 Answers

0 like 0 dislike
Possible bot indexing FTP files to a local network provider.
But it is not clear how he found you, if only stupid overkill on the ip.
by
0 like 0 dislike
Most likely someone in your local network as You are trying to get on Your server :)
by
0 like 0 dislike
It's the neighbor at network provider/peering, most likely. Or spotlessy ip. Hammer, on the Internet thousands of bots who are doing just that and that scanet network in search of available and vulnerable services. Passwords more complicated, the desire to tie autobalance or ips type Snort'and forget about it.
by
0 like 0 dislike
I would have assumed that a thread's local search ftp servers.
Me this thing every 10 minutes pulls, long ago banned it and forgot :)
In General, a lot of fools, I have fail2ban working hard :)
by
0 like 0 dislike
linux, white SP, permanently in the logs is not successful authorization including ssh, etc. so adjust the firewall or utility which will ban someone a few times, not successfully logged
by
0 like 0 dislike
Clarification: a little more detail from the Whois on this IP.
PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED (NET-10-0-0-0-1)
Indicates the IANA — Internet Assigned Numbers Authority
\rwww.iana.org/
\r
Not like the local neighbor :)
by
0 like 0 dislike
Most likely it is the searchers open ports. If the IP somewhere lit in the open it will be even worse.
I noticed a thing: I'm not particularly bursting at the comp. As soon as ordered his IP in one of the registered domain names, so immediately began repeated attempts to connect to FTP/HTTP/SSH/MySQL ports. And the day on SSH 5-10 times with different IP. 2-3 times a day on the MySQL port. Personally, I think it collect data for break-ins. Here people scanat IP ranges for RDP, and then test the passwords on the most popular, then hacked servers sell the in the open in the Internet.
by

Related questions

0 like 0 dislike
1 answer
asked May 2, 2019 by AlexanderShustik
0 like 0 dislike
1 answer
0 like 0 dislike
2 answers
0 like 0 dislike
7 answers
0 like 0 dislike
3 answers
asked May 2, 2019 by serg_small_developer
110,608 questions
257,186 answers
0 comments
28,052 users